VMware Security Advisory: VMSA-2024-0019 – Critical Vulnerabilities in VMware vCenter Server

On September 17, 2024, VMware issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation. The vulnerabilities—CVE-2024-38812 and CVE-2024-38813—could allow attackers to execute remote code and escalate privileges. VMware has released updates to mitigate these threats, urging users to apply the patches immediately.

Impacted Products

The vulnerabilities affect the following products:

  • VMware vCenter Server (versions 8.0, 7.0)
  • VMware Cloud Foundation (versions 5.x, 4.x)

Vulnerabilities Overview

1. CVE-2024-38812: Heap-Overflow Vulnerability in vCenter Server

  • Description: A critical heap-overflow vulnerability in the DCERPC protocol implementation could allow remote attackers to execute arbitrary code by sending specially crafted network packets.
  • Severity: Critical with a CVSSv3 score of 9.8.
  • Attack Vector: An attacker with network access to the vCenter Server could exploit this vulnerability for remote code execution.
  • Resolution: Apply the updates listed in the response matrix below.

2. CVE-2024-38813: Privilege Escalation Vulnerability in vCenter Server

  • Description: A privilege escalation vulnerability allows attackers to gain root access by sending a specially crafted network packet.
  • Severity: Important with a CVSSv3 score of 7.5.
  • Attack Vector: This vulnerability can be exploited by a malicious actor with network access to vCenter Server.
  • Resolution: Apply the necessary updates to prevent escalation of privileges.

Fixes and Patching Guidance

VMware has provided the following updates to address these vulnerabilities:

  • VMware vCenter Server 8.0 U3b: Download here
  • VMware vCenter Server 7.0 U3s: Download here
  • VMware Cloud Foundation 5.x/4.x: An asynchronous patch is available, detailed in KB article 88287.

Response Matrix

ProductVersionCVECVSSv3 ScoreSeverityFixed VersionWorkarounds
VMware vCenter Server8.0CVE-2024-38812, 388139.8, 7.5Critical8.0 U3bNone
VMware vCenter Server7.0CVE-2024-38812, 388139.8, 7.5Critical7.0 U3sNone
VMware Cloud Foundation5.xCVE-2024-38812, 388139.8, 7.5CriticalAsync Patch (8.0)None
VMware Cloud Foundation4.xCVE-2024-38812, 388139.8, 7.5CriticalAsync Patch (7.0)None

Additional Documentation

VMware has provided a supplemental FAQ for more detailed guidance on these vulnerabilities, which can be accessed here.

Security Recommendations

Given the critical nature of CVE-2024-38812 and CVE-2024-38813, VMware highly recommends that affected users apply the provided patches without delay. In-product workarounds are not available, making the updates crucial to maintain the security and integrity of your VMware vCenter deployments.

For further details, you can access VMware’s official documentation and security blog:

For queries, please contact VMware via email at vmware.psirt@broadcom.com.

🔥Subscribe to the channel: https://bit.ly/3vY16CT🔥

🚨Read my blog: https://angrysysops.com/

👊Twitter: https://twitter.com/AngrySysOps
👊Facebook: https://www.facebook.com/AngrySysOps
👊My Podcast: https://bit.ly/39fFnxm
👊Mastodon: https://techhub.social/@AngryAdmin

Please leave the comment